On Tue, 28 May 2019 at 13:09, Celejar <cele...@gmail.com> wrote: > > Package: libmojolicious-perl > Version: 8.12+dfsg-1 > Severity: important > File: mojolicious > Tags: upstream > > Mojolicious's HTTPS functionality is completely broken on my system > (ordinary HTTP access works fine):
The default https server key supplied with mojolicious does not support TLS 1.2, being an RSA:1024 key using SHA1 digests. TLS 1.2 is now the default minimum supported version of TLS on testing/unstable [1] and in the forthcoming Debian 10 "buster" release. [1] https://salsa.debian.org/debian/openssl/blob/debian/unstable/debian/README.debian Replacing the keypair with one that does support TLS 1.2 (using RSA:4096 and SHA256 digests) will work. > Upstream tried to help, but seems to be out of ideas: > > https://groups.google.com/forum/#!topic/mojolicious/gjz-0uvUDLk I have posted an update to that thread (currently held for moderation). I have also created an upstream PR [2] which provides a TLS 1.2-compliant keypair: [2] https://github.com/mojolicious/mojo/pull/1371 Cheers, Nick
